Commit graph

5 Commits

Author SHA1 Message Date
Tad Glines 066448c1c4 Fix IO:DiscardAll bug and cgroup limits
- Fixed bug in IO::DiscardAll that could lead to buffer overrun
- Added unit test
- Fixed PriorityQueue::Put to enforce item size limit
- Modified auoms.service to include CPU limits
- Modified so that auoms/auomscollect will continue to monitor
  and re-apply cgroup membership
- Cleaned up some return value handling
2020-11-16 16:42:26 -08:00
Tad Glines 568f0587a8 Add IO metrics, bug fixes
- Add support for metrics from cumulative counter
- Add metrics from /proc/self/io
- Add PriorityQueue metrics
- Simplify locking strategy in PriorityQueue
- Fix unit tests
2020-08-24 10:10:32 -07:00
Tad Glines 310f831209 Add CPULimits and fixes
- Add CPULimits via cgroups
- Set NETLINK_NO_ENOBUFS option for NETLINK
- Add hard limit on cache size for RawEventAccumulator
2020-06-10 13:09:59 -07:00
Tad Glines 68ad23c06d
Add metrics collection and other changes (#36)
- Added collection of syscall metrics
- Added collection of auoms process CPU and MEM consumption metrics
- Added system CPU and MEM metrics
- Added collection of event metrics
- Changed event accumulator so it uses steady clock for tracking event
  age instead of event id. Added more efficient LRU list.
- Changed so PATH records values are accumulated in a fixed set of
  fields where each field value is a JSON array of values ordered
  by PATH record order.
- Changed SYSCALL event type from AUOMS_EXECVE to AUOMS_SYSCALL
- Changed to include proctitle in non-execve syscall events.
- Fixed "-S all" and "-S <number>" rule handling.
- Fix std::function arg passing, make move semantics explicit.
- Move event filter logic into separate class.
- Fix code so unit tests pass.
- Fix json encoding of escaped values.
- Remove exit(1) from ProcessNotify.
- Fix ProcessNotify/ProcessTree Stop().
- Fix parsing of INTEGRITY_POLICY_RULE records.
- Fix thread stack leak.
2019-11-21 14:55:06 -08:00
Tad Glines 7b8b09d5d4
Feature 3.0 (#27)
* Split into separate collector and forwarder
- Add NETLINK data collection
- Add collector management to forwarder

* Modified auomscollect.cpp so that it exits if /sbin/auditd file is created

* Remove dependency on libaudit/libauparse, add rule management

* Added op status reporting and fixed many bugs

- Added EXECVE parse unit tests

* Fix loaded rule update logic

* Fix installer to properly restart/enable auoms
2019-04-30 12:06:02 -07:00